In-house computer systems, such as those used in connection with enterprise software, are typically accessible via one or more passwords by a plurality of users via a computer network. These passwords may be unique to each individual user, or they may be shared among several users. Increasingly, companies are making their computer systems available via the Internet so that users may access them from various locations. While this arrangement may increase productivity, it also makes the computer system more vulnerable to unauthorized attempts to access the system (such as through “hackers”).
Users, when prompted to generate their own passwords, often select a password that is easy to remember. Such passwords may duplicate those the users have at other computer systems (including websites), or they may include terms commonly found within a dictionary, variations on their names, family names, their pets' names, birthdays, favorite hobbies, favorite movie actors, etc. If a user selects a password based on any of these subjects, then such password may be more vulnerable to unauthorized access. This vulnerability makes the account more susceptible to hacker attack, where a common technique is to attempt to log in to accounts by cycling through a list of entries in a password dictionary until a match is found.
As increasing amounts of proprietary data are being generated via computer networks, prudent business practices require that safeguards be implemented to prevent or reduce the likelihood of unauthorized access. Although simple safeguards are often implemented, such as freezing access to an account after three unsuccessful attempts to log in (which can be useful in repelling brute-force hacker attacks), organizations often overlook the risks posed by the passwords chosen by their various computer system users. Conventional techniques for determining whether a password is safe at a system level include simulating a dictionary attack by comparing each password to a fixed sequence of entries within a dictionary to determine if a match occurs. However, processing times and associated computing resources required for such simulated dictionary attacks often make frequent password security checks unfeasible.
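The conventional system-level check described above, sketched as an added example that is not part of the original text. It assumes passwords are stored as salted PBKDF2 hashes (the text does not say how they are stored); all function names, accounts and dictionary entries are constructed. The work counter shows why the cost grows with the number of accounts times the number of dictionary entries.

```python
import hashlib
import hmac
import os

# Assumption: salted PBKDF2-SHA256 storage. The count is kept low so the
# example runs quickly; production stores use far higher iteration counts.
ITERATIONS = 1_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_store(accounts: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Build a constructed credential store: user -> (salt, hash)."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt))
    return store


def audit(store, dictionary):
    """Walk the dictionary in fixed order for every account.

    Returns (users whose password matched an entry, hash computations done).
    Only the account name is reported, never the matching entry.
    """
    flagged, work = [], 0
    for user, (salt, stored) in store.items():
        for entry in dictionary:
            work += 1  # per-account salts force one hash per (account, entry)
            if hmac.compare_digest(hash_password(entry, salt), stored):
                flagged.append(user)
                break
    return flagged, work


# Constructed sample data for the audit.
DICTIONARY = ["password", "letmein", "dragon", "sunshine", "qwerty"]
ACCOUNTS = {"alice": "sunshine", "bob": "T7#vq9!Lx2pR", "carol": "password"}

if __name__ == "__main__":
    flagged, work = audit(make_store(ACCOUNTS), DICTIONARY)
    print("accounts with dictionary passwords:", flagged)
    print("hash computations:", work, "of at most", len(ACCOUNTS) * len(DICTIONARY))
```

An account with a strong password is the worst case for the audit, since the whole dictionary must be hashed against it before it can be cleared.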